Rob Champion

☁️"Domestic is not sovereign, nor is it necessarily safe." haunting words from Simon about what “sovereign” really means. Many assume that if servers are located in an Australian data centre, their data is both sovereign and safe, let me throw a curve ball to make it more complex. 📃Take a look at two U.S. laws: the USA PATRIOT Act (2001) and the U.S. CLOUD Act (2018), together, they give U.S. authorities sweeping powers to access data held by American companies (*cough* no matter where in the world that data sits, including Australia). ➡️Under the Patriot Act, agencies gained expanded surveillance rights to compel access to business and personal records in the name of national security. 🎯The Cloud Act takes that reach further, allowing the U.S. Government to demand data from U.S.-based providers, even if those servers are hosted here in Australia. ⚠️This means that although you may have a “secure” Azure, AWS, or Google instance located onshore, those environments are still bound by U.S. jurisdiction. Encryption helps, but how many organisations actually implement robust, end-to-end encryption and manage their keys 🔑independently? ✅Sovereignty aside, misconfiguration risk is already a major issue, here's some FACTS: - 27% of organisations report a public cloud breach according to SentinelOne. - Around 9% of cloud storage is publicly accessible, and 97% of that exposed data is sensitive according to Tenable - 21% of exposed S3 buckets contain sensitive data due to poor access controls. 🗺️So sure, location matters, BUT, legal jurisdiction and configuration controls matter more. Simply hosting workloads onshore doesn’t guarantee sovereignty or safety. What protects your business is a layered strategy: encryption, independent key management, rigorous configuration governance, continuous monitoring, and a complete understanding of the regulatory landscape you’re operating under. 👉 Don’t turn a blind eye by where your cloud is. Focus on who controls it, what laws apply, and how it’s secured. Need help in understanding your requirements, AND, securing your cloud environment? Why not reach out to the cloud and security experts at ASE Tech. #ShiftHappens #DataCentre #ThinkBeforeYouClick

108

20 Comments

Broken API authorization is still exposing sensitive data - so Intruder built a FREE tool to find it.⚡ Three years after the Optus breach - where millions of customer records were stolen via an unauthenticated API - Intruder’s security team is still finding the same flaws, even in S&P 500 companies. These vulnerabilities are so easy to exploit you could teach someone with no technical background to do it in a day. 🤯 That’s why Intruder built Autoswagger - a FREE, open‑source tool that finds unauthenticated API endpoints leaking sensitive data like credentials or PII. Get Autoswagger FREE on GitHub and see the real vulnerabilities Intruder’s security team uncovered when they put it to the test. Get Autoswagger: https://lnkd.in/e8cA3Ktr 🔥 Read the research ->> https://lnkd.in/eKZz_ybJ

150

6 Comments

This month Atturra consultants - Ashley Fonseca and Jonathan Souter took part in 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁'𝘀 𝘁𝗵𝗿𝗲𝗲-𝗱𝗮𝘆 𝗔𝗜 𝗛𝗮𝗰𝗸𝗮𝘁𝗵𝗼𝗻 𝗳𝗼𝗿 𝗗𝗲𝗳𝗲𝗻𝗰𝗲 in Adelaide. Working alongside Microsoft and industry peers, their team developed an AI-assisted compliance system designed to evaluate Defence ICT environments against the 𝗔𝘂𝘀𝘁𝗿𝗮𝗹𝗶𝗮𝗻 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗮𝗻𝘂𝗮𝗹 (𝗜𝗦𝗠).   ✔️ Built on an Azure VM using 𝗔𝗜 𝗙𝗼𝘂𝗻𝗱𝗿𝘆, 𝗔𝘂𝘁𝗼𝗚𝗲𝗻, 𝗮𝗻𝗱 𝗣𝘆𝘁𝗵𝗼𝗻   ✔️ Powered by a 𝗺𝘂𝗹𝘁𝗶-𝗮𝗴𝗲𝗻𝘁 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 (policy, hardening, monitoring, crypto, and network)   ✔️ Automated compliance mapping and 𝗱𝗶𝗿𝗲𝗰𝘁 𝗦𝗦𝗣 𝗽𝗼𝗽𝘂𝗹𝗮𝘁𝗶𝗼𝗻   ✔️ Delivered a compliance view (Comply / Gap) with 𝗿𝗲𝗺𝗲𝗱𝗶𝗮𝘁𝗶𝗼𝗻 𝗴𝘂𝗶𝗱𝗮𝗻𝗰𝗲 🏆 Their solution earned 𝘀𝗲𝗰𝗼𝗻𝗱 𝗽𝗹𝗮𝗰𝗲 at the Hackathon and was among the top three projects invited to present at the 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗰𝗲 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝘆 𝗦𝘆𝗺𝗽𝗼𝘀𝗶𝘂𝗺 this week (link in comments). This achievement not only highlights the technical depth and creativity of our team but also demonstrates how Atturra is actively contributing to Microsoft’s AI strategy for Defence - delivering secure, compliant, and mission-ready innovation. Congratulations Ashley and Jonathan for representing Atturra at this important event and showcasing what’s possible when AI is applied to mission-critical compliance challenges. #Defence #MicrosoftAI #Innovation #Compliance #Atturra #AIHackathon #AIHackathonDefence

78

6 Comments

Cyber security is no longer just a technical issue. It is a national priority. The Australian Competition and Consumer Commission is stepping into a broader role. One that includes oversight of Digital ID providers and leadership of the National Anti Scam Centre. This is not just about protecting consumers. It is about safeguarding the systems Australians rely on every day. To meet this challenge, the ACCC is undertaking a comprehensive cyber security uplift. The program is designed to strengthen internal systems, protect sensitive data, and build trust in the digital platforms that power everyday life. The uplift focuses on: • Alignment with the Australian Signals Directorate’s Essential Eight • Compliance with the Protective Security Policy Framework • Resilience against evolving digital threats • Readiness to support national infrastructure and citizen services This is not just about technology. It is about leadership, clarity, and protecting what matters most. Learn more about the ACCC’s cyber security uplift and what it means for Australia: https://hubs.la/Q03B3Vr00 #CyberResilience #DigitalTrust #EssentialEight #NationalSecurity #ManagedITServices #KMT #KMTChangingTheGame #HumanFaceOfTech #PeopleFirstTech

27

Head of ASD’s Australian Cyber Security Centre, Stephanie Crowe spoke with Jane Nicholls from the Australian Institute of Company Directors about keeping your business cyber secure. She highlighted the importance of leaders practicing cyber security on their own personal devices and shared her 5 golden security rules to do this: 1. Accept all updates on phones, laptops and desktops immediately. 2. Reset passwords regularly. 3. Set up multi-factor authentication (MFA) and digital credentials on your devices. 4. Trash apps you’re not using. 5. Make turning off devices part of your routine, at least every couple of days. Read more 👉 https://lnkd.in/gV-AC_Hi

226

1 Comment

With more than 180 sites across regional Queensland, Energy Queensland set out to modernise its employee experience, enhance security, and prepare for the adoption of Microsoft 365 Copilot. Together with Data#3, the team rolled out Microsoft Surface devices, transitioned to Microsoft Defender for Endpoint, streamlined management with Intune, and laid the security foundation needed to safely integrate generative AI into daily operations. Now, with the Copilot Readiness Assessment, Energy Queensland is identifying next steps to bring AI to life across its diverse workforce, unlocking smarter ways of working while maintaining strong governance. We're proud to support Energy Queensland on their journey and excited to see how they harness Microsoft 365 Copilot to empower frontline and corporate teams alike. 📖 Read the full story: https://bit.ly/4mwbWHn #EnergyQueensland #Microsoft365Copilot

30